CN1278248C - Data isolation switching transmission method based on extended data bus of embedded system - Google Patents
Data isolation switching transmission method based on extended data bus of embedded system Download PDFInfo
- Publication number
- CN1278248C CN1278248C CNB2004100180180A CN200410018018A CN1278248C CN 1278248 C CN1278248 C CN 1278248C CN B2004100180180 A CNB2004100180180 A CN B2004100180180A CN 200410018018 A CN200410018018 A CN 200410018018A CN 1278248 C CN1278248 C CN 1278248C
- Authority
- CN
- China
- Prior art keywords
- data bus
- switch controller
- lvds
- read
- memory
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Landscapes
- Small-Scale Networks (AREA)
Abstract
The present invention relates to a data isolation switch transmitting method on the basis of an extended data bus of an embedded system, which is used in the technical fields of network data exchange and information security. Extended data buses of two 32-bit embedded host machines are connected with an isolation switch unit after being converted by LVDS signals; the isolation switch unit comprises an LVDS signal conversion circuit, an isolation switch controller and SRAM; the extended data bus of one host machine is connected to an isolation switch hardware unit after being converted by the LVDS signals and connected with SRAM of an isolation memory after being restored into signals of the extended data bus by the LVDS signal conversion circuit; a transmission path is controlled by an isolation switch controller; CPLD of the isolation switch controller reads and writes an SRAM memory in real time through a triggering embedded host machine system transmitting interrupt response signals; only one host machine system can read and write SRAM an any time; high-speed, real-time and bidirectional data switch transmission in an embedded duplex machine system provided with an extended data bus interface is realized through the organization and the management of the SRAM memory.
Description
Technical field
The present invention relates to a kind of data isolation switched transmission method, specifically is a kind of data isolation switched transmission method based on embedded system growth data bus, is used for network data exchange, field of information security technology.
Background technology
Current method of carrying out security protection at network boundary mainly is to adopt firewall technology.Fire wall monitors the flow of turnover network by software and network is connected and controls.Because the firewall hardware system has adopted the mode of single Bastion Host, in case therefore software systems are captured by the hacker, then firewall system just performs practically no function.Nineteen ninety-five has proposed a kind of inter-network data by people such as Russian Ry Jones isolates and the technology that exchanges, and is called " Airgap ", and its English original meaning is meant the slit that is used to isolate that air forms.When the state that is used to describe between the network, be meant the disconnection of network link layer.After this, people generally use network that English " GAP " (former meaning " gap ") refers to make two or more by specialized hardware carrying out the secure data transmission between the network and the technology of resource sharing under the disconnected situation.Its basic demand is: the Internet Protocol of cutting off between the network (TCP/IP) connects, and decomposition or reorganization TCP/IP packet also carry out safe examination, then destination host are on one side produced effectively connection, and exchanges data is gone out.Therefore, the hardware platform of realizing this technology needs and can realize between two host computer systems that the data isolation that directly connects under the link disconnection switches transmission.Present technology implementation method all adopts an electronic switching device that has storer, and the external data transmission bus that connects two main frames is carried out switching controls, and the method for ferrying with data exchanges.The external data transmission bus packet that adopts is drawn together serial ports, parallel port, IDE, SCSI and USB etc.
The storer that prior art adopts is generally the magnetic store that has certain bus interface, as hard disk.For example, the U.S. Whale company that is found in 1998, the major product of the said firm comprises the SSL VPN of e-Gap series and application firewall (Application Firewall) etc., these products all based on the unified switching hardware platform of isolating that is called the Airgap technology, mainly be made up of switch and storer based on SCSI bus by this hardware platform.Adopt the method major defect that above-mentioned these external data transmission buses are switched to have: 1) external data transmission bus is used for the peripheral hardware of host computer system, will take the processor time in hand-off process.Therefore, data transmission and processing can be restricted, and influence throughput of system when switching transmission at a high speed.2) be subjected to the restriction of specific bus technology, a little less than the control ability of electronic switch, the mode that can not initiatively adopt hardware interrupts at a high speed and the real-time informing host computer system switch transmission.3) adopt magnetic store, as hard disk, as sequestering memory, its read or write speed is limited, influences system data exchange throughput.
Summary of the invention
The objective of the invention is to above-mentioned deficiency and defective, a kind of data isolation switched transmission method based on embedded system growth data bus is provided at prior art.Make it utilize the growth data bus of embedded system can obtain the transfer rate suitable with system bus, far above general external data transmission bus, and can control switching as electronic switch with the high-speed programmable device, switch transmission with the hardware interrupts real time notification system, in addition, replace magnetic store will obtain higher data with static memory and switch the transmission throughput as sequestering memory.The present invention will obtain higher data switching transmission performance than switch transmission technology based on the isolation of external data transmission bus.
The present invention is achieved by the following technical solutions.The growth data bus of two 32 embedded hosts is isolated switch unit by connecting after level difference parallel circuit (LVDS) conversion of signals, realizes that by isolating switch unit the growth data bus that connects two embedded host systems is carried out time slot in turn to be switched.Isolate switch unit comprise be used for the LVDS signal revert to the growth data bus signals LVDS conversion of signals chip, adopt isolation switch controller that CPLD (CPLD) realizes and as the static memory (SRAM) of sequestering memory.After the growth data bus process LVDS conversion of signals of a main frame, be connected to isolation by cable and switch hardware cell, link to each other with sequestering memory after reverting to the growth data bus signals through LVDS conversion of signals chip again, this transmission channel is isolated switch controller and is controlled, and has only when isolating switch controller switching gate main frame growth data bus and could be read and write sequestering memory by this main frame.Isolating switch controller reads and writes the SRAM storer in real time by sending interrupt response signal triggering embedded host system, any time can only have a host computer system that sequestering memory is read and write, and, can be implemented in and carry out high-speed real-time bi-directional data switching transmission in the embedded two-computer system that is equipped with the growth data bus interface by organization and management to sequestering memory.
Below the present invention is further illustrated, particular content is as follows:
1) LVDS conversion of signals
Because the growth data bus of embedded system, the address bus equisignal line all is a HW High Way, therefore its transmission range is restricted, in order to carry out the signal transmission of certain distance between dual systems, the present invention has adopted the method that high speed signal is converted to LVDS (level difference parallel circuit) signal.Growth data bus, the address bus of embedded host system, read (READ) and write (WRITE) signal wire, sheet choosing (CS) signal wire to be converted to the LVDS differential signal by LVDS conversion of signals chip, differential signal is connected to the isolation switch unit by transmission cable, the LVDS conversion of signals chip of isolating on the switch unit is converted to the high speed signal of original system again to low level differential signal, is connected on the sequestering memory.Signal on high-speed line good transmission in than long distance can be convenient to and isolate switch being connected of hardware system by this method.Growth data bus and LVDS transmission line are diconnected, and address bus is to isolating the unidirectional output of switch unit.
2) adopt CPLD as isolating switch controller
Switch and need carry out under very high frequency owing to isolate, common electronic switch can't reach requirement, and the present invention has adopted the high speed complex programmable logic device (CPLD) as isolating switch controller.The look-at-me (IRQ) of the general input/output port (GPIO) of two main frames, busy (BUSY) signal of read-write and highest addresses signal wire are connected to by LVDS conversion of signals chip on the isolation switch controller of isolating in the switch unit, isolate the Enable Pin (EN) that switch controller is also connecting LVDS conversion of signals chip.Isolate enable the switch control that EN signal carry out transmission line of switch controller, behind gating and the access limit of notifying host computer system that sequestering memory is carried out with look-at-me before disconnecting by gating host side LVDS conversion of signals chip periodically.
3) tissue of sequestering memory
Because host computer system is to switch read-write at a high speed to the storer that isolate to switch in the hardware, therefore common storer all can not meet the demands as flash memory (FLASH) and Dram (SDRAM) etc., more need not carry magnetic store such as hard disk.Therefore the sequestering memory of isolating in the switch unit among the present invention has been selected static memory SRAM.The sequestering memory that switching controls software in the host computer system connects the growth data bus is regarded the storage area of a linearity as, adopts physical address to carry out addressing and read-write.Direction difference according to transmission is independently two sections of addresses with the memory block spatial division, can only write last sector address one side's main frame, and the opposing party's main frame can only be read, and the operation of following sector address is just in time opposite.By transmission direction being stored on the physical space of information separated and to carry out better security control.Isolate switch controller and distinguish sector address or time sector address by selection to the signal of the highest addresses bus that connected.
4) host computer system is to the read-write of sequestering memory
When the switching controls software in the main frame carries out read-write operation in preparation to sequestering memory, must understand the break-make situation of current transmission line.Isolate the mode of depositing switch controller employing interruption and notify main frame, after switching connection sequestering memory connected last side's main frame, the isolation switch controller sent hardware interrupts to this main frame and notifies the read-write of main frame to sequestering memory.When read data, for guaranteeing that main frame intactly reads the data in the sequestering memory, isolate switch controller the BUSY signal wire that is connecting is provided high level always, after the isolation switch controller is received the read signal of sequestering memory, just provide the BUSY low level, main frame just can read data bus like this.
Major advantage of the present invention has: adopt the processing power that can make full use of host cpu based on the data isolation switched transmission method of growth data bus, obtain transmission and the readwrite performance suitable with system bus, than based on external data transmission bus, can obtain higher transfer efficiency as buses such as SCSI, IDE.Employing the inventive method can not be subjected to the performance limitations of external data transmission bus, and transmission line is carried out the high speed switching and adopts the corresponding mode of hard interruption to notify main frame to read and write in real time.In addition, the present invention adopts static memory to make sequestering memory, switches the transmission throughput with can only adopting the method for magnetic store to compare based on external data transmission bus can to obtain higher data.
Description of drawings
The functional block diagram of Fig. 1 the inventive method implementation system
Fig. 2 the present invention isolates the fundamental diagram of switch controller
Embodiment
Technical solution of the present invention will be further described below in conjunction with accompanying drawing.
As shown in Figure 1, the functional block diagram of the inventive method implementation system comprises: two embedded host systems (as, can select Intel Xscal embedded processor system for use), isolate switch controller, sequestering memory.Two host computer systems link to each other with sequestering memory by the growth data bus, isolate switch controller the growth data bus is carried out switching controls, and control makes any time have only a host computer system to read and write sequestering memory to the read-write operation of sequestering memory.
As shown in Figure 2, the present invention isolates the fundamental diagram of switch controller.The isolation switch controller is connecting the look-at-me IRQ line of two host computer systems, and the EN that enables of BUSY line and LVDS chip holds.Isolate switch controller and export the waveform of periodic transformation, alternately control the EN that enables of two ends LVDS conversion of signals chip, change its on off operating mode.Make and isolate the growth data bus that switch controller can only trigger a host computer system at any time, be connected with sequestering memory by the LVDS conversion of signals.In the overall process, isolate switch controller and just be responsible for providing cycle control signal, and the sheet of control sequestering memory selects the CS signal, data, address bus need not through isolating switch controller.Every a switching cycle, provide the IRQ look-at-me earlier by isolating switch controller, notify the read-write of the main frame cut-out of an end to sequestering memory, provide the EN signal again, the sequestering memory LVDS signaling conversion circuit that this end leads to SRAM is led in cut-out, opens the LVDS conversion of signals chip of the other end subsequently with the EN signal, provides the IRQ look-at-me again, the main frame of the notice other end begins reading writing working, replaces so repeatedly.Isolate switch controller and at ordinary times the BUSY line is provided high level, when main frame can be read, isolate switch controller and provide the BUSY low level, the expression main frame is read data bus correctly.
The inventive method is through the concrete enforcement of system prototype, but is proved to be line stabilization.It has made full use of the processing power of host-processor, can obtain the maximum high speed data transfer ability suitable with system bus; Avoided being subject to the shortcoming of concrete bussing technique like the method switching controls, can switch and adopt hard interrupt mode real-time informing main frame to transmit at a high speed, improved the utilization factor of transmission line based on external data transmission bus type; And adopt the static memory that to read and write at a high speed to adopt the mode of magnetic store to have higher system-through-up capability than adopting like method based on external data transmission bus type as sequestering memory.
Claims (5)
1, a kind of data isolation switched transmission method based on embedded system growth data bus, it is characterized in that, the growth data bus of two 32 embedded hosts is isolated switch unit by connecting after the LVDS conversion of signals, realize that by isolating switch unit the growth data bus that connects two embedded host systems is carried out time slot in turn to be switched, isolate switch unit comprise be used for the LVDS signal revert to the growth data bus signals the LVDS signaling conversion circuit, adopt isolation switch controller that CPLD realizes and as the SRAM of sequestering memory; After the growth data bus process LVDS conversion of signals of a main frame, be connected to the isolation switch unit by cable, link to each other with sequestering memory after reverting to the growth data bus signals through LVDS conversion of signals chip again, this transmission channel is isolated switch controller and is controlled, and has only when isolating switch controller switching gate main frame growth data bus and could be read and write sequestering memory by this main frame; The CPLD that isolates switch controller reads and writes sequestering memory in real time by sending interrupt response signal triggering embedded host system, any time can only have a host computer system that sequestering memory is read and write, and, be implemented in and carry out high-speed real-time bi-directional data switching transmission in the embedded two-computer system that is equipped with the growth data bus interface by organization and management to sequestering memory.
2, the data isolation switched transmission method based on embedded system growth data bus according to claim 1 is characterized in that, described LVDS conversion of signals is specific as follows:
The growth data bus of embedded host system, address bus, read and write signal line, chip selection signal line are converted to the LVDS signal by LVDS conversion of signals chip, this signal is connected to the isolation switch unit by transmission cable, LVDS conversion of signals chip on the isolation switch unit is converted to the LVDS signal high speed signal of original system again, be connected on the sequestering memory, growth data bus and LVDS transmission line are diconnected, and address bus is to isolating the unidirectional output of switch unit.
3, the data isolation switched transmission method based on embedded system growth data bus according to claim 1 is characterized in that, described employing CPLD is as the isolation switch controller, and is specific as follows:
The look-at-me of the general input/output port of two main frames, read-write busy signal and highest addresses signal wire are connected on the isolation switch controller of isolating in the switch unit by LVDS conversion of signals chip, the isolation switch controller is also connecting the Enable Pin of LVDS conversion of signals chip, isolate switch controller and carry out the switch control of transmission line, behind gating and the access limit of notifying host computer system that sequestering memory is carried out with look-at-me before disconnecting by the Enable Pin signal of gating host side LVDS conversion of signals chip periodically.
4, the data isolation switched transmission method based on embedded system growth data bus according to claim 1 is characterized in that, the tissue of described sequestering memory is specific as follows:
The sequestering memory of isolating in the switch unit has been selected static memory SRAM, the sequestering memory that switching controls software in the host computer system connects the growth data bus is regarded the storage area of a linearity as, adopt physical address to carry out addressing and read-write, direction according to transmission is independently two sections of addresses with the memory block spatial division, isolate switch controller and distinguish sector address or time sector address by selection to the signal of the highest addresses bus that connected, can only write last sector address one side's main frame, the opposing party's main frame can only be read, and the operation of following sector address is just in time opposite.
5, the data isolation switched transmission method based on embedded system growth data bus according to claim 1 is characterized in that host computer system is to the read-write of sequestering memory, and is specific as follows:
Isolate the mode of depositing switch controller employing interruption and notify main frame, after switching the last side's main frame of connection sequestering memory connection, isolate switch controller this main frame is sent the read-write of hardware interrupts notice main frame to sequestering memory, when read data, for guaranteeing that main frame intactly reads the data in the sequestering memory, isolate switch controller the BUSY signal wire that is connecting is provided high level always, after the isolation switch controller is received the read signal of sequestering memory, just provide the BUSY low level, main frame could read data bus like this.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2004100180180A CN1278248C (en) | 2004-04-29 | 2004-04-29 | Data isolation switching transmission method based on extended data bus of embedded system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2004100180180A CN1278248C (en) | 2004-04-29 | 2004-04-29 | Data isolation switching transmission method based on extended data bus of embedded system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1570894A CN1570894A (en) | 2005-01-26 |
| CN1278248C true CN1278248C (en) | 2006-10-04 |
Family
ID=34479300
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB2004100180180A Expired - Fee Related CN1278248C (en) | 2004-04-29 | 2004-04-29 | Data isolation switching transmission method based on extended data bus of embedded system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1278248C (en) |
Families Citing this family (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102368223A (en) * | 2011-10-08 | 2012-03-07 | 深圳和而泰智能控制股份有限公司 | Dual-core embedded system and control method |
| CN104460482B (en) * | 2014-12-18 | 2017-01-25 | 中国电子科技集团公司第三十九研究所 | CPLD-based double-computer thermal-switching controller |
| CN104734358B (en) * | 2015-03-20 | 2016-09-21 | 南京国电南自电网自动化有限公司 | A kind of intelligent switch controller with quick outlet loop |
| CN105631364A (en) * | 2015-05-20 | 2016-06-01 | 宇龙计算机通信科技(深圳)有限公司 | Security property switching method, security property switching apparatus and terminal |
| CN107612530B (en) * | 2017-09-14 | 2023-11-28 | 博为科技有限公司 | High-speed differential signal change-over switch |
| CN112817908B (en) * | 2021-02-05 | 2023-06-20 | 中国电子科技集团公司第五十八研究所 | High-speed expansion system and expansion method between bare chips |
| CN117013996B (en) * | 2023-09-27 | 2023-12-01 | 江苏帝奥微电子股份有限公司 | IO switching circuit for high-speed interface transmission system and control method thereof |
-
2004
- 2004-04-29 CN CNB2004100180180A patent/CN1278248C/en not_active Expired - Fee Related
Also Published As
| Publication number | Publication date |
|---|---|
| CN1570894A (en) | 2005-01-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10860511B1 (en) | Integrated network-attachable controller that interconnects a solid-state drive with a remote server computer | |
| CN114546913B (en) | Method and device for high-speed data interaction between multiple hosts based on PCIE interface | |
| CN101986305B (en) | File system operating method and communication device | |
| WO2011151859A1 (en) | Data transfer device and method of controlling the same | |
| WO2012143953A2 (en) | Optimized multi-root input output virtualization aware switch | |
| WO1998015896A1 (en) | High speed heterogeneous coupling of computer systems using channel-to-channel protocol | |
| CN110636139B (en) | Optimization method and system for cloud load balancing | |
| CN103154920A (en) | Unified I/O adapter | |
| JP2003084919A (en) | Control method of disk array device, and disk array device | |
| CN106844263B (en) | Configurable multiprocessor-based computer system and implementation method | |
| CN112835829A (en) | Method for multi-channel DMA transmission measurement and control signal | |
| CN1278248C (en) | Data isolation switching transmission method based on extended data bus of embedded system | |
| CN201639589U (en) | Embedded dual-redundant network card based on ARM | |
| US9116881B2 (en) | Routing switch apparatus, network switch system, and routing switching method | |
| CN214586880U (en) | Information processing apparatus | |
| CN2684479Y (en) | Security isolation apparatus for unidirectional connection network | |
| JP2009282917A (en) | Interserver communication mechanism and computer system | |
| CN114185830A (en) | Multi-processor communication method, device, system and storage medium based on mailbox | |
| CN103457880A (en) | Switch system and method of operating a switch | |
| CN213585836U (en) | Two-layer network exchange management system based on PowerPC | |
| CN208000578U (en) | A kind of blade type data processing equipment | |
| EP2300925A1 (en) | System to connect a serial scsi array controller to a storage area network | |
| CN108614756A (en) | FC-AE-ASM protocol processing chips with temp monitoring function | |
| CN1519736A (en) | Magnetic disk storage system | |
| CN111104458B (en) | Distributed data exchange system and method based on RK3399Pro |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C17 | Cessation of patent right | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20061004 Termination date: 20110429 |